Windows has encountered a critical error and will restart in 1 minute

Inactive
By MattRounseville
Aug 7, 2012
  1. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
    Ran by SYSTEM at 2012-08-22 20:07:23 Run:2
    Running from E:\

    ==============================================

    HKEY_USERS\Matthew\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation Value deleted successfully.
    HKEY_USERS\Matthew\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
    HKEY_USERS\Matthew\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.
    HKEY_USERS\Sage\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
    HKEY_USERS\Sage\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.
    HKEY_USERS\Skye\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
    HKEY_USERS\Skye\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.
    HKEY_USERS\Sylvie\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
    HKEY_USERS\Sylvie\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.

    ==== End of Fixlog ====
  2. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    ok well now I am back to being locked out of my user account (Matthew).

    Also this Sirefef trojan is still all over the place
  3. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

  4. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    Not able to post a screen shot. Also, MSE Virus and Spyware definitions failed. Error code: 0x80240022
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me know how it's working...
  6. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    Not working that well:

    very slow.

    I am locked out of my user account. There is a signal coming from somewhere, about every 30 seconds that directs my user account to lock. I can disable the lock workstation, but the signal or command is still there and instead of making my account lock up, the screen blinks, sometimes goes black for a minute, and everything is slowed down. This does not happen with my wife or sons user accounts.

    And MSE picking up sirefef trojan every 30 seconds, located here:
    file:C:\Users\Sylvie\AppData\Local\{2ecd8a28-aacc-4050-8b42-84617a28e4ae}\U\800000cb.@

    how to get rid of sirefef permanently?

    Thanks,
  7. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    I ran Malwarebytes Anti-Malware scan. It appears to have removed the sirefef trojan.

    Still don't know why getting the workstation lock command. Is it possible to access a log to see what command is repeatedly being sent to lock my user account?

    Thanks,
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    We'll kill it!

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
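
Added example (not part of the original post, and not TDSSKiller's or the helper's own code): a triage script for the report requested above, which can be very large. It lists only the entries that were not marked ok, with the MD5 and path logged for each. The sample log is constructed, all names in it are hypothetical, and reading any verdict other than "warning" as a malicious object is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout of a TDSSKiller report:
# "<time> <thread id> <message>". Service names, paths and MD5 values are made up.
SAMPLE_LOG = r"""
10:00:00.0001 1111 ================ Scan services =============================
10:00:00.0100 1111 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
10:00:00.0150 1111 ExampleDrv - ok
10:00:00.0200 1111 [ 00000000000000000000000000000002 ] ExampleUpdater C:\Program Files\Example\updater.exe
10:00:00.0250 1111 ExampleUpdater ( UnsignedFile.Multi.Generic ) - warning
10:00:00.0250 1111 ExampleUpdater - detected UnsignedFile.Multi.Generic (1)
10:00:00.0300 1111 [ 00000000000000000000000000000003 ] Example Net Svc c:\program files\example/netsvc.dll
10:00:00.0310 1111 Suspicious file (Hidden): c:\program files\example/netsvc.dll. md5: 00000000000000000000000000000003
10:00:00.0320 1111 Example Net Svc ( HiddenFile.Multi.Generic ) - warning
10:00:00.0320 1111 Example Net Svc - detected HiddenFile.Multi.Generic (1)
10:00:00.0400 1111 NoFileSvc - ok
10:00:00.0500 1111 [ 00000000000000000000000000000004 ] ExampleRootkit C:\Windows\system32\drivers\badexample.sys
10:00:00.0510 1111 ExampleRootkit ( Rootkit.Example.Constructed ) - infected
"""

# Timestamp, thread id, then the message (which may be empty).
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) ?(.*)$")
# "[ MD5 ] <service name, may contain spaces> <drive-letter path>"
ENTRY = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<name> - ok" or "<name> ( <detection> ) - <verdict>"
VERDICT = re.compile(r"^(.+?) (?:\( (.+?) \) )?- (\w+)$")

# The two detection names the post says to answer with Skip.
SKIP_NAMED_IN_POST = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


@dataclass
class Finding:
    name: str
    detection: Optional[str]
    verdict: str
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> List[Finding]:
    """Return every scanned object whose verdict is not 'ok'."""
    seen = {}       # service name -> (md5, path) from its "[ MD5 ] ..." line
    findings = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(3).strip()
        entry = ENTRY.match(msg)
        if entry:
            seen[entry.group(2)] = (entry.group(1).upper(), entry.group(3))
            continue
        verdict = VERDICT.match(msg)
        if verdict and verdict.group(3).lower() != "ok":
            name, detection, word = verdict.groups()
            md5, path = seen.get(name, (None, None))
            findings.append(Finding(name, detection, word.lower(), md5, path))
    return findings


def suggested_action(f: Finding) -> str:
    """Map a finding to the choice described in the instructions above."""
    if f.detection in SKIP_NAMED_IN_POST:
        return "Skip"
    if f.verdict == "warning":
        return "Skip (default for suspicious objects)"
    # Assumption: any other verdict marks what the post calls a malicious object.
    return "Cure if offered, otherwise Skip; do not Delete unless instructed"


if __name__ == "__main__":
    for f in parse_report(SAMPLE_LOG):
        print(f"{f.verdict:9} {f.name} [{f.detection}]")
        print(f"          md5={f.md5} path={f.path}")
        print(f"          -> {suggested_action(f)}")
```
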
  9. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    Thank you.

    I think the problem with the sirefef trojan has been resolved. I do still have the problem of getting locked out of my user account, even after this TDSS scan.

    The CBS and CBSpersist log files were long and repetitive in the extreme. Might there be clues in there about commands repeated over and over ad infinitum?

    Here is the log of the TDSS scan. In multiple parts.

  10. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    Part 2 of TDSS Scan log

    10:56:04.0613 0296 [ B3C9C35DC93563B8D19AD414EDF2FC82 ] TrueSight c:\windows\system32\drivers\TrueSight.sys
    10:56:04.0654 0296 TrueSight ( UnsignedFile.Multi.Generic ) - warning
    10:56:04.0654 0296 TrueSight - detected UnsignedFile.Multi.Generic (1)
    10:56:09.0283 0296 WPFFontCache_v0400 - ok
    10:56:09.0331 0296 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    10:56:09.0382 0296 ws2ifsl - ok
    10:56:09.0416 0296 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
    10:56:09.0436 0296 wscsvc - ok
    10:56:09.0474 0296 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    10:56:09.0500 0296 WSDPrintDevice - ok
    10:56:09.0504 0296 WSearch - ok
    10:56:09.0579 0296 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    10:56:09.0667 0296 wuauserv - ok
    10:56:09.0679 0296 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    10:56:09.0744 0296 WUDFRd - ok
    10:56:09.0786 0296 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    10:56:09.0819 0296 wudfsvc - ok
    10:56:09.0836 0296 ================ Scan global ===============================
    10:56:09.0889 0296 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    10:56:09.0925 0296 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    10:56:09.0951 0296 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    10:56:09.0987 0296 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    10:56:09.0991 0296 [Global] - ok
    10:56:09.0992 0296 ================ Scan MBR ==================================
    10:56:10.0009 0296 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    10:56:10.0271 0296 \Device\Harddisk0\DR0 - ok
    10:56:10.0272 0296 ================ Scan VBR ==================================
    10:56:10.0297 0296 [ 5269C453B36328715DF33CC8181E46D8 ] \Device\Harddisk0\DR0\Partition1
    10:56:10.0299 0296 \Device\Harddisk0\DR0\Partition1 - ok
    10:56:10.0303 0296 [ 0AC3AA76231A4011DA328D4C9271E2C6 ] \Device\Harddisk0\DR0\Partition2
    10:56:10.0304 0296 \Device\Harddisk0\DR0\Partition2 - ok
    10:56:10.0305 0296 ============================================================
    10:56:10.0305 0296 Scan finished
    10:56:10.0305 0296 ============================================================
    10:56:10.0316 2888 Detected object count: 4
    10:56:10.0316 2888 Actual detected object count: 4
    10:56:39.0492 2888 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    10:56:39.0492 2888 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    10:56:39.0494 2888 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
    10:56:39.0494 2888 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:56:39.0496 2888 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    10:56:39.0496 2888 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:56:39.0498 2888 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
    10:56:39.0498 2888 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:58:32.0016 4960 Deinitialize success
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Well, I usually look through the CBS log and use the Find command to get any string that has the word "error" attached to it. Once that's done, I copy+paste that to Notepad and then research them.

    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  12. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    Here is the log of the FRST scan.

    The problem is still occurring with me being locked out of my account. I have been using my wife's (Sylvie) account.
    I may need to investigate how to disable the workstation lock function. This does not solve the problem because I still get the signal or command to lock my workstation, but the screen just blinks and sort of wipes everything out for a second. It at least lets me read emails and documents. Wish I could be of more help in troubleshooting this.

    Matt


    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
    Ran by SYSTEM at 2012-08-26 14:19:03 Run:3
    Running from E:\

    ==============================================

    QAH service deleted successfully.
    QGXGMK service deleted successfully.
    TIWIA service deleted successfully.
    C:\Users\Matthew\AppData\Local\Temp\QAH.exe not found.
    C:\Users\Matthew\AppData\Local\Temp\QGXGMK.exe not found.
    C:\Users\Matthew\AppData\Local\Temp\TIWIA.exe not found.
    C:\svchost.exe moved successfully.
    C:\Users\Sylvie\Downloads\.directory moved successfully.
    C:\Windows\System32\Drivers\qimbvnag.sys moved successfully.

    ==== End of Fixlog ====
  13. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    I am wondering if my user lockout problem has to do with "opportunistic locking".

    The problem occurred on or about the time my son set up a server so he could play Minecraft with his friends.

    Should I try to disable opportunistic locking?

    thx
  14. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    Ok I tried the OplocksDisabled thing. It didn't solve my problem.
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    What about deleting your user account after creating a new administrator account? Are there any other admin accounts to which you can do this?
  16. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    Yes, I can create a new account and delete the old one. But what about all my files and my Outlook email account? Would I need to copy all my pictures, thousands of them, and video over to the new account, or could I just rename the user account folder? Also not exactly sure how I would set up my email again. But that does sound like the most practical solution at this time.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, copy all the data you want over to your new account (only documents, text files, emails, pictures, and video). You can keep your userdata folder, yes, but when you create a new account, you cannot apply the new name to the same userdata. It will automatically create and append a new "Session ID number" to your account (and the user folder), which is a unique identifier for each user on the computer.

    I wish Microsoft had a way to do a user account repair tool that would take care of this mess.

    Your email settings should be the same, whether connecting via POP or IMAP. Just do the setup wizard as done before in Outlook.

    Do you know where the emails are located?
  18. MattRounseville

    MattRounseville Newcomer, in training Topic Starter Posts: 29

    OK, this sounds like a good plan. I will create a new user account and start copying files over. I looked around some but I don't see where the email folders are located. Do I need to be logged into Outlook to access them? I can get into my original account if I need to, it's just a bit of an annoyance. Thanks for your help. I will be happy to donate but I need to wait a few days for my next paycheck.

    Matt
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Windows Vista stores Outlook email files at the following location:
    C:\users\{username}\Local\Application Data\Microsoft\Outlook
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me know how this worked out, please.
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.

